/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright 2017 © yangxiaobing, 873559947@qq.com
 *
 * This file is part of contentManagerSystem.
 * contentManagerSystem is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * contentManagerSystem is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with contentManagerSystem.  If not, see <http://www.gnu.org/licenses/>.
 *
 * 这个文件是contentManagerSystem的一部分。
 * 您可以单独使用或分发这个文件，但请不要移除这个头部声明信息.
 * contentManagerSystem是一个自由软件，您可以自由分发、修改其中的源代码或者重新发布它，
 * 新的任何修改后的重新发布版必须同样在遵守GPL3或更后续的版本协议下发布.
 * 关于GPL协议的细则请参考COPYING文件，
 * 您可以在contentManagerSystem的相关目录中获得GPL协议的副本，
 * 如果没有找到，请连接到 http://www.gnu.org/licenses/ 查看。
 *
 * - Author: yangxiaobing
 * - Contact: 873559947@qq.com
 * - License: GNU Lesser General Public License (GPL)
 * - source code availability: http://git.oschina.net/yangxiaobing_175/contentManagerSystem
 */
package com.laborder.sysyy.utils;

import com.laborder.sysyy.entity.Role;
import com.laborder.sysyy.entity.User;
import com.laborder.sysyy.service.user.UserService;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.LogManager;
import org.apache.log4j.Logger;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Component;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;


/**
 * 自定义Realm 实现Shiro权限验证
 *
 * @author yangxiaobing
 * @date 2017/7/10
 */
@Component
public class ShiroDbRealm extends AuthorizingRealm {

    private Logger log = LogManager.getLogger(ShiroDbRealm.class);

    @Autowired
    @Lazy
    private UserService userService;


    /**
     * 获取认证信息
     *
     * @return
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken userToken = (UsernamePasswordToken) token;
        String userName = userToken.getUsername();
        if (StringUtils.isEmpty(userName)) {
            log.error("获取认证信息失败，原因:用户名为空");
            throw new AccountException("用户名为空");
        }
        // 根据登陆用户名查询用户信息
        Map<String,Object> map = new HashMap<String,Object>();
        map.put("userName", (String)token.getPrincipal());
        User user = login(map);
        if (user == null) {
            throw new AccountException("用户信息为空");
        }
        Subject subject = SecurityUtils.getSubject();
        Session session = subject.getSession();
        session.setAttribute("user", user);//将当前登录用户存到shiro定义的Session中
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user.getUserName(), user.getPassword(), getName());
        if (null != info) {
            log.info("用户认证通过:登陆用户名:" + user.getUserName());
            return info;
        }
        return null;
    }
    private User login(Map<String, Object> map) {


        return userService.login(map);
    }

    /**
     * 获取授权信息
     *
     * @param principals
     * @return
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
//实例化授权类
        SimpleAuthorizationInfo info=new SimpleAuthorizationInfo();
        Map<String,Object> map=new HashMap<String,Object>();
        map.put("userName", (String)principals.getPrimaryPrincipal());
        User user = login(map);
        if(user!=null){
            List<String> roleNames=new ArrayList<String>();
            List<Role> listRoles=user.getListRoles();
            List<String> permissionNames = new ArrayList<String>();
            if(listRoles!=null) {
                if(listRoles.size()>0) {
                    for(Role r:listRoles){
                        roleNames.add(r.getRoleName());
                    }
                }
            }

            info.addStringPermissions(permissionNames);
            info.addRoles(roleNames);
        }


        return info;
    }



    /**
     * 清除所有用户授权信息缓存.
     */
    public void clearAllCachedAuthorizationInfo(){
        log.info("清除所有账号缓存");
        Cache<Object, AuthorizationInfo> cache = getAuthorizationCache();
        if (cache != null){
            for (Object key : cache.keys()) {
                cache.remove(key);
            }
        }
    }
}
